1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Safety rating:77 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | cda4a0582495e90c0b05ae86f241cb17 |
| file type: | zip |
| Production company: | |
| version: | |
| Shell or compiler information: | COMPILER:Microsoft Visual C# / Basic .NET |
| Subfile information: | HPWASH.exedumpFile / e6e94a5306413438c86a96118c23aa0b / EXE |
| HPWASH.exe / e6e94a5306413438c86a96118c23aa0b / EXE | |
| Key behavior | |
|---|---|
| Behavior description: | 直接获取CPU时钟 |
| details: | EAX = 0xbff39b04, EDX = 0x00000038 |
| File behavior | |
|---|---|
| Behavior description: | 查找文件 |
| details: | FileName = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoreei.dll |
| FileName = C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727\mscoreei.dll | |
| FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorwks.dll | |
| FileName = C:\Windows\Microsoft.NET\Framework\v4.0.40305\mscorwks.dll | |
| Other behavior | |
|---|---|
| Behavior description: | 打开事件 |
| details: | HookSwitchHookEnabledEvent |
| Local\MSCTF.CtfActivated.Default1 | |
| Local\MSCTF.AsmCacheReady.Default1 | |
| Behavior description: | 检测自身是否被调试 |
| details: | IsDebuggerPresent |
| Behavior description: | 窗口信息 |
| details: | Pid = 2580, Hwnd=0x3018c, Text = 确定, ClassName = Button. |
| Pid = 2580, Hwnd=0x2018a, Text = 若要运行此应用程序,您必须首先安装 .NET Framework 的以下版本之一: v4.0.30319 有关如何获取 .NET Framework 的适当版本的说明,请与应用程序发行者联系。, ClassName = Static. | |
| Pid = 2580, Hwnd=0x60190, Text = HPWASH.exe - .NET Framework 初始化错误, ClassName = #32770. | |
| Behavior description: | 直接获取CPU时钟 |
| details: | EAX = 0xbff39b04, EDX = 0x00000038 |
| Behavior description: | 打开互斥体 |
| details: | Local\MSCTF.Asm.MutexDefault1 |
| Run screenshot |
|---|
 |
HOME
